Can You Stop Spam By Going After The Webhosts?
from the not-yet,-but-maybe? dept
While spam filters have gotten better over the years, meaning that email spam is now “manageable” for most people, some people are apparently arguing that a better solution to stopping spammers is to go after the web hosts who host the sites advertised in spam. That sounds nice in theory, but in practice it doesn’t make that much sense. In fact, the article even notes that a guy who’s been using this approach over the past four years has shut down over 30,000 sites… but the number of spammers out there has remained essentially constant. In other words, despite the entire premise of the article, this method doesn’t seem to work very well in stopping spam. It’s not too hard to figure out why. First of all, there are tons of different webhosts out there, and some less-than-scrupulous ones have found that hosting for spammers is quite lucrative. There’s always going to be someone out there willing to host these sites… and even if there aren’t, spammers will probably just focus on using their hijacked zombie networks to run web servers as well. Also, of course, lately spammers have found that stock spam is incredibly lucrative — and that doesn’t require any site to link to at all. So a method like this is pretty useless for any kind of stock spam or other popular spam like 419 advance fee frauds or even the spam messages designed to get you to install a trojan to draft your computer into a zombie network. Yes, it would be great if this method does help stop spam — and we’re not saying the folks doing it should stop. But, the reports claiming that this is a great way to stop spam probably could have used a little more support.
Comments on “Can You Stop Spam By Going After The Webhosts?”
No
Simple, No.
It won’t stop spammers. Just like it wont stop people from posting links to sites that only contain ad links.
http://iphonecommunity.us
http://fuckyoumyspacefriend.com
http://canyoubemymother.com
Just as examples of course 🙂
Seriously though, aren’t there a group of people using the trial (?) period for registering domain names, then dumping before it ends?
What stops them from regging a domain, sending out several mil emails to hit that site, but redirecting to the real site. How will this help?
There is no cure-all
…for stopping SPAM.
This is just one more method to help in the fight.
Actually, I think it’s a good one. Rather than trying to block 10000 SPAM messages, shut down the referred site. This hits them in the wallet. Maybe not much, but anything that makes it more difficult for the spammers is a good thing.
I would encourage them to go even further. Not just shut down the site, but go after the site owner. They are obviously complicit in this.
Every little bit helps.
Re: There is no cure-all
Bingo.
Re: Re: There is no cure-all
If by “little bit” you mean a 9mm in the back of a spammers head, I like it.
Spammers die and burn in hell.
Ok ok ok
My previous post was modded, I had a few links of websites with only ad links for effect.
Anyhow, the meat of the post was regarding the trial reg period for domain names. The way to get around the removal of the spam websites is to use these trial periods. Reg 500 – 1K domains a month, spam the hell out of the for 2 days, and redirect any visitors to another page.
The temp site is not regged, as it is “returned” after 3 days, and any potential true buyers are sent to a real site.
Spamvertized websites
I’d have to go look in the usenet archives to figure out both how long this approach has been advocated, as well as how long I’ve expressed discomfort with it.
Joe jobs have been a known spammer tactic for a long time. Websites do get joed.
And, looking at the larger picture, over the past decade or so, the spam war has been largely lost. Many of us were trying to preserve an open culture where if you were communicating with someone in a public forum, you could “take it to email”. For the most part, that capability has now been lost. And with that loss, a lot of the reason for opposing “whitelist only” email has gone too.
So, at this point, we should probably be focussing more on avoiding collateral damage—as most of us move to closed email systems.
Missing the point of Spam
Want to know the cure for spam? Stop clicking on it. The reason people spam is because it is profitable for them. The news still has reports about people falling for that Nigerian 419 scam or w/e it is, where someone needs your bank account info to transfer millions to leave their country and will pay you x% to do it.
The biggest problem facing the internet is the millions of people too stupid to use it. Everything from Senators that think it is tubes to P2P Classified file sharing government employees to idiots that click on everything they get mailed to them.
Re: Death by proxy, anyone?
Want to know the cure for spam? Stop clicking on it.
Um, Yeah, want to get people to stop “clicking” on spam messages? Go after MS to change its retarded default presentation of inbox messages in most all email clients. (web and local based)
Problems:
1) Reading pane is defaulted to on and you have to turn it off for every folder in your message store (including -*duuuuuuuHHHhhh*- the new “junk email” folder). This just adds fuel to the worldwide spammer fire by urls that are automatically loaded. Changing this logic would have been far more useful than the “block loading urls” feature introduced in 2003, since probably 9 of 10 users turn it back on right away anyway.
2) Turn on the “To:” column by default, this is very easy to do and it makes identifying spam 9 times easier. My rule of thumb – if can’t identify the sender, recipient or subject; it might just be Anthrax, but hey – better open and take a sniff anyway, right?
Re: Missing the point of Spam
Actually, there is a simple and relatively painless method that will kill spam but leave e-mail intact.
E-mial postage, probably at 10 cents (US) per e-mail — paid to the recipient.
If a spam bot tries to send a million e-mials, the spammer has to come up with $100,000 cash on the spot. However, as an individual I will send and receive roughly the same number of e-mails over a month. When my ISP tallies up the numbers, I will be plus or minus a couple of dollars, no big deal.
Legitimate companies will still send commercial e-mails, but they will work a bit harder to get qualified addresses. The number of spam messages will drop, and the number of scams will drop even more (even if they pay, that puts them on the grid — follow the money!!).
Re: Re: "I sent how many emails???"
Email postage doesn’t sound easy or painless and would just create more problems;
Imagine that the mailbox outside your house is designed to automatically print and apply stamps to any mail dropped in – oh, and it’s attached to your credit card. (I’ll be by your house later with some things I need to send out – you don’t mind, do you?)
Besides, I think this kind of “tax on bytes” your proposing already exists – it’s called a ‘bill’ by ISP’s everywhere, some of which have an invisible byte limit.
They need to go after the money. Start fining drug companies for all them viagra emails. You watch how fast those emails stop going out.
RE: Death by proxy
Ok, allow me to be more specific than “Don’t CLICK on it”.
If no one was falling for scams like the Nigerian 419 one, would those scams still be around YEARS after they appeared? Or the new wave of stock pump and dump emails. If there was no profit in this for spammers, they would not do it.
Re: You did what?
You’re absolutely right, there’s still probably 1 idiot in 4 that has too much time/money/trust/naivety/greed (pick one) on their hands to be a good team player against this type of theft.
RE: RE: Missing the point of Spam
You said simple and painless, that system would be anything but simple and painless. In order to send any email, anywhere, you would have to set up a payment account tied to every email account. Also, what about companies sending out internal emails by the dozen? What if they send a copy of those memos to a non-work address for an employee? What payment company would process all of these transactions (millions a day)?
I can think of dozens of reasons that is a horrible idea, but it’s really not necessary to go into them if you think for a bit about that idea. Additionally, it’s putting a burden on people that don’t have a spam problem.
One problem with always shutting down spamvertized web sites is that it creates an easy denial of service attack versus web sites: don’t like the site? Spamvertize it and watch it disappear!
This idea does work...
… if the e-mail specifies a site.
For example, if you get bombarded with porn spam, it’s usually a simple (though usually distasteful) procedure to go to the site, find the billing company, and complain about spam to them. Many billing companies have zero-tolerance policies about spam since they want to at least give the appearance of being “legit”.
If the billing company stops processing payments for the porn site, the site can’t make money, and it shuts down. Maybe they come back as a different site or a brand-new company, but at least you’ve shut down one site. 😉
As for the “e-mail tax”, it will probably never work.
As a test, a few years AOL announced that they would charge a fee to companies to be added to a white list. If the company paid, the e-mail filters would automatically whitelist all e-mails from them. If the company didn’t pay, the e-mail filers would handle their mail the same as before: maybe it would get through and maybe it would be labeled spam.
A lot of non-profit companies (possibly the Red Cross or a breast-cancer awareness group) mis-interpreted the proposed change and threw a fit about how they wouldn’t be able to send e-mails to the millions of people on their mailing list.
So if companies get this upset over a proposal to change how filters work, imagine what would happen if you suggested that they pay a fee to have their e-mail delivered.